Mail archive
alpine-aports

[alpine-aports] [PATCH] main/libsndfile: pull CVE-2018-19758 fix from upstream

From: alpine-mips-patches <info_at_mobile-stream.com>
Date: Thu, 3 Jan 2019 12:42:34 +0000

---
 main/libsndfile/APKBUILD             |  6 +++++-
 main/libsndfile/CVE-2018-19758.patch | 23 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 main/libsndfile/CVE-2018-19758.patch
diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index 9611731276..930040c438 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
_at_@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=libsndfile
 pkgver=1.0.28
-pkgrel=6
+pkgrel=7
 pkgdesc="A C library for reading and writing files containing sampled sound"
 url="http://www.mega-nerd.com/libsndfile"
 arch="all"
_at_@ -17,12 +17,15 @@ source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz
 	CVE-2017-12562.patch
 	CVE-2018-13139.patch
 	CVE-2017-17456_CVE-2017-17457_CVE-2018-19661_CVE-2018-19662.patch
+	CVE-2018-19758.patch
 	fix-rf64-varargs-bug.patch
 	"
 # sporadic testsuite failures on armhf
 case $CARCH in arm*) options="!check";; esac
 
 # secfixes:
+#   1.0.28-r7:
+#     - CVE-2018-19758
 #   1.0.28-r6:
 #     - CVE-2017-17456
 #     - CVE-2017-17457
_at_@ -69,4 +72,5 @@ dfd4b5f1c7471fc416eed5c6040580a020543f145de9103751adaad6ce1c5c6a22abc1cf0ffd381a
 814139567d90fb07908014e858c341fe933e04dca69b88ad66078910888237bbeba94f85d9e1489883c424f35fca312eb98c21ae2b122d9289bb6418725cd02e  CVE-2017-12562.patch
 33817e7c85180635fa239e4ea38973b18312878522639f43071188a995f0e1a35dbca6d133555fb0875292b4b609950ae38e747a6b1949f8ae840db9dc3a2805  CVE-2018-13139.patch
 ba3e5321713dbc118f45dac6f86049a15e6ba54fc788776eb267b1b165a0853bec278d8b066c71372cd243c852faa6781bef6a71d108e7cdbc64fb77fa3afc0a  CVE-2017-17456_CVE-2017-17457_CVE-2018-19661_CVE-2018-19662.patch
+0c363859399d7292b5e4c068b7c1e189b2169b0ea8e3ad4181f0a531382c4a94a43ad1e17f420bc0a77ffdd7bc439210c8a06a5bb7baec8709f0bbbabdb4c00e  CVE-2018-19758.patch
 0b7ce6bd6c1ec825521974c36b8c6eb5edd17d3c57d5ae3de287fb34a6be7108bc9511abb497538eef36e5883b84f4137fad6fe9a1d150345111de9f068838f9  fix-rf64-varargs-bug.patch"
diff --git a/main/libsndfile/CVE-2018-19758.patch b/main/libsndfile/CVE-2018-19758.patch
new file mode 100644
index 0000000000..ead28f6fd2
--- /dev/null
+++ b/main/libsndfile/CVE-2018-19758.patch
_at_@ -0,0 +1,23 @@
+commit 42132c543358cee9f7c3e9e9b15bb6c1063a608e
+Author: Erik de Castro Lopo <erikd_at_mega-nerd.com>
+Date:   Tue Jan 1 20:11:46 2019 +1100
+
+    src/wav.c: Fix heap read overflow
+    
+    This is CVE-2018-19758.
+    
+    Closes: https://github.com/erikd/libsndfile/issues/435
+
+diff --git a/src/wav.c b/src/wav.c
+index 9d71aadb..5c825f2a 100644
+--- a/src/wav.c
++++ b/src/wav.c
+_at_@ -1146,6 +1146,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ 		psf_binheader_writef (psf, "44", BHW4 (0), BHW4 (0)) ; /* SMTPE format */
+ 		psf_binheader_writef (psf, "44", BHW4 (psf->instrument->loop_count), BHW4 (0)) ;
+ 
++		/* Loop count is signed 16 bit number so we limit it range to something sensible. */
++		psf->instrument->loop_count &= 0x7fff ;
+ 		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ 		{	int type ;
+ 
-- 
2.20.1
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Thu Jan 03 2019 - 12:42:34 UTC